def enableSatelliteRepo(rhn_cert):
args = ['rpm', '-q', '--qf', '\'%{version}\'', '-f', '/etc/redhat-release']
ret, out, err = fileutils.rhn_popen(args)
# Read from stdout, strip quotes if any and extract first number
version = re.search(r'\d+', out.read().strip("'")).group()
if version not in SUPPORTED_RHEL_VERSIONS:
msg = "WARNING: No Satellite repository available for RHEL version: %s.\n" % version
sys.stderr.write(msg)
return
sat_cert = satellite_cert.SatelliteCert()
sat_cert.load(rhn_cert)
sat_version = getattr(sat_cert, 'satellite-version')
repo = "rhel-%s-server-satellite-%s-rpms" % (version, sat_version)
args = ['/usr/bin/subscription-manager', 'repos', '--enable', repo]
ret, out, err = fileutils.rhn_popen(args)
if ret:
msg_ = "Enabling of Satellite repository failed."
msg = ("%s\nReturn value: %s\nStandard-out: %s\n\n"
"Standard-error: %s\n\n"
% (msg_, ret, out.read(), err.read()))
sys.stderr.write(msg)
raise EnableSatelliteRepositoryException("Enabling of Satellite repository failed. Is there Satellite "
"subscription attached to this system? Is the version of "
"RHEL and Satellite certificate correct?")
def expiredYN(cert):
""" dead simple check to see if our RHN cert is not expired
returns either "" or the date of expiration.
"""
# parse it and snag "expires"
sc = satellite_cert.SatelliteCert()
sc.load(cert)
# note the correction for timezone
# pylint: disable=E1101
try:
expires = time.mktime(time.strptime(
sc.expires, sc.datesFormat_cert)) - time.timezone
except ValueError:
writeError(
"Can't seem to parse the expires field in the RHN Certificate. "
"RHN Certificate's version is incorrect?")
# a cop-out FIXME: not elegant
sys.exit(11)
now = time.time()
if expires < now:
return sc.expires
else:
return ''
def expiredYN(certPath):
""" dead simple check to see if our RHN cert is not expired
returns either "" or the date of expiration.
"""
# open cert
try:
fo = open(certPath, 'rb')
except IOError:
sys.stderr.write("ERROR: unable to open the cert: %s\n" % certPath)
sys.exit(1)
cert = fo.read().strip()
fo.close()
# parse it and snag "expires"
sc = satellite_cert.SatelliteCert()
sc.load(cert)
# note the correction for timezone
# pylint: disable=E1101
try:
expires = time.mktime(time.strptime(
sc.expires, sc.datesFormat_cert)) - time.timezone
except ValueError:
sys.stderr.write("""\
ERROR: can't seem to parse the expires field in the RHN Certificate.
RHN Certificate's version is incorrect?\n""")
# a cop-out FIXME: not elegant
sys.exit(11)
now = time.time()
if expires < now:
return sc.expires
else:
return ''
def localUpdateChannels():
cert = open(DEFAULT_RHN_CERT_LOCATION).read()
sat_cert = satellite_cert.SatelliteCert()
sat_cert.load(cert)
sync_handlers.populate_channel_family_permissions(sat_cert)
sync_handlers.purge_extra_channel_families()
sync_handlers.update_channel_family_counts()
def validateSatCert(cert, verbosity=0):
""" validating (i.e., verifing sanity of) this product.
I.e., makes sure the product Certificate is a sane certificate
"""
sat_cert = satellite_cert.SatelliteCert()
sat_cert.load(cert)
for key in ['generation', 'product', 'owner', 'issued', 'expires', 'slots']:
if not getattr(sat_cert, key):
sys.stderr.write("Error: Your satellite certificate is not valid. Field %s is not defined.\n"
"Please contact your support representative.\n" % key)
raise RHNCertGeneralSanityException("RHN Entitlement Certificate failed "
"to validate.")
signature = sat_cert.signature
# copy cert to temp location (it may be gzipped).
fd, certTmpFile = tempfile.mkstemp(prefix="/tmp/cert-")
fo = os.fdopen(fd, 'wb')
fo.write(getCertChecksumString(sat_cert))
fo.flush()
fo.close()
fd, signatureTmpFile = tempfile.mkstemp(prefix="/tmp/cert-signature-")
fo = os.fdopen(fd, 'wb')
fo.write(signature)
fo.flush()
fo.close()
args = ['gpg', '--verify', '-q', '--keyring',
DEFAULT_WEBAPP_GPG_KEY_RING, signatureTmpFile, certTmpFile]
if verbosity:
print "Checking cert XML sanity and GPG signature:", repr(' '.join(args))
ret, out, err = fileutils.rhn_popen(args)
err = err.read()
out = out.read()
# nuke temp cert
os.unlink(certTmpFile)
os.unlink(signatureTmpFile)
if err.find('Ohhhh jeeee: ... this is a bug') != -1 or err.find('verify err') != -1 or ret:
msg = "%s Entitlement Certificate failed to validate.\n" % PRODUCT_NAME
msg = msg + "MORE INFORMATION:\n"
msg = msg + " Return value: %s\n" % ret +\
" Standard-out: %s\n" % out +\
" Standard-error: %s\n" % err
sys.stderr.write(msg)
raise RHNCertGeneralSanityException("RHN Entitlement Certificate failed "
"to validate.")
return 0
def enableSatelliteRepo(rhn_cert):
args = [
'rpm', '-q', '--qf', '\'%{version} %{arch}\'', '-f',
'/etc/redhat-release'
]
ret, out, err = fileutils.rhn_popen(args)
data = out.read().strip("'")
version, arch = data.split()
# Read from stdout, strip quotes if any and extract first number
version = re.search(r'\d+', version).group()
if version not in SUPPORTED_RHEL_VERSIONS:
log(
0,
"WARNING: No Satellite repository available for RHEL version: %s."
% version)
return
arch_str = "server"
if arch == "s390x":
arch_str = "system-z"
sat_cert = satellite_cert.SatelliteCert()
sat_cert.load(rhn_cert)
sat_version = getattr(sat_cert, 'satellite-version')
repo = "rhel-%s-%s-satellite-%s-rpms" % (version, arch_str, sat_version)
args = ['/usr/bin/subscription-manager', 'repos', '--enable', repo]
ret, out, err = fileutils.rhn_popen(args)
if ret:
msg_ = "Enabling of Satellite repository failed."
msg = ("%s\nReturn value: %s\nStandard-out: %s\n\n"
"Standard-error: %s\n" % (msg_, ret, out.read(), err.read()))
writeError(msg)
raise EnableSatelliteRepositoryException(
"Enabling of Satellite repository failed. Make sure Satellite "
"subscription is attached to this system, both versions of RHEL and "
"Satellite are supported or run activation with --disconnected "
"option.")
def test():
c = satellite_cert.SatelliteCert()
c.load(CERT)
#
# Copyright (c) 2008--2010 Red Hat, Inc.
#
# This software is licensed to you under the GNU General Public License,
# version 2 (GPLv2). There is NO WARRANTY for this software, express or
# implied, including the implied warranties of MERCHANTABILITY or FITNESS
# FOR A PARTICULAR PURPOSE. You should have received a copy of GPLv2
# along with this software; if not, see
# http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt.
#
# Red Hat trademarks are not licensed under GPLv2. No permission is
# granted to use or replicate Red Hat trademarks that are incorporated
# in this software or its documentation.
#
import sys
from spacewalk.server.rhnServer import satellite_cert
if len(sys.argv) != 2:
print "Usage: %s <cert-file>" % sys.argv[0]
sys.exit(1)
c = satellite_cert.SatelliteCert()
c.load(open(sys.argv[1]).read())
print c, dir(c)
print getattr(c, "provisioning-slots")
def storeRhnCert(cert, check_generation=0, check_version=0):
""" Pushes an RHN cert into the database, in rhnSatelliteCert
"cert" is the raw RHN Certificate as a string.
"""
label = 'rhn-satellite-cert'
cert = cert.strip()
# sanity check
# satellite_cert.ParseException can be thrown
sc = satellite_cert.SatelliteCert()
sc.load(cert)
# pylint: disable=E1101
# gotta make sure there is a first org_id
create_first_org(owner=sc.owner)
# dates: formatted for DB
expires = strftime(sc.datesFormat_db,
strptime(sc.expires, sc.datesFormat_cert))
issued = strftime(sc.datesFormat_db,
strptime(sc.issued, sc.datesFormat_cert))
version = 0
certAlreadyUploadedYN = 0
# First, find out the right next version for this cert
row = retrieve_db_cert()
if row:
db_cert = row['cert']
db_issued = row['issued']
db_expires = row['expires']
version = row['version']
if db_cert == cert and issued == db_issued and expires == db_expires:
# cert is already uploaded and the expiration dates match
certAlreadyUploadedYN = 1
else:
# cert is not uploaded *or* the expirations are out of whack
version = version + 1
if check_generation or check_version:
# Load the stored cert
stored_sc = satellite_cert.SatelliteCert()
stored_sc.load(db_cert)
if check_generation and stored_sc.generation != sc.generation:
raise CertGenerationMismatchError()
if check_version:
old_version = getattr(stored_sc, 'satellite-version')
new_version = getattr(sc, 'satellite-version')
if old_version != new_version:
raise CertVersionMismatchError(old_version,
new_version)
if not certAlreadyUploadedYN:
# bug 145491 update the cunstomer's name (should be harmless)
wc_up = rhnSQL.prepare(_query_update_web_customer)
wc_up.execute(owner=sc.owner)
wu_up = rhnSQL.prepare(_query_update_web_user)
wu_up.execute(owner=sc.owner)
# XXX bug 145491, there may be further work here for rhnchannelfamily,
# but only if it actually affects rhn's behaviour (because it's a real
# bitch to fix because the channel family's name column is *based* on
# the certificate owner
h = rhnSQL.prepare(_query_insert_cert)
h.execute(label=label, version=version, expires=expires, issued=issued)
# Oracle aparently needs a separate query to update the cert blob:
h.update_blob("rhnSatelliteCert",
"cert",
"WHERE label = :label AND version = :version",
cert,
label=label,
version=version)
# always reset the slots
set_slots_from_cert(sc)
cfg = RHNOptions('web')
cfg.parse()
rhnSQL.commit()
